Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete all plugin records via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php.
Monthly Archives: March 2015
How to manage your clients cycle of life with Panda Cloud Partner Center!
Enterprise security expenses continue to increase. How can Panda Cloud Partner Center help you? It’s the tool that enables you to know your clients’ status.
Panda Cloud Partner Center offers an increasing benefits solution as part of a business management group plan.
Would you like to be a partner of Panda Security?
The post How to manage your clients cycle of life with Panda Cloud Partner Center! appeared first on MediaCenter Panda Security.
Bugtraq: MongoDB BSON Handling Remote Denial of Service Vulnerability
Bugtraq: [security bulletin] HPSBGN03277 rev.1 – HP Virtualization Performance Viewer, Remote Execution of Code, Denial of Service (DoS) and Other Vulnerabilities
Bugtraq: ocPortal 9.0.16 Multiply XSS Vulnerabilities
Bugtraq: [ MDVSA-2015:056 ] rpm
Three men indicted in ‘one of the largest’ data breaches in US history
The US Department of Justice has charged three men with what is being described as “one of the largest reported data breaches in US history,”
The post Three men indicted in ‘one of the largest’ data breaches in US history appeared first on We Live Security.
ESET’s Mark James on 2015’s security trends
How is 2015 shaping up in security? We caught up with ESET researcher Mark James to get his take on threats, security and how people should ensure their year is free of malware.
The post ESET’s Mark James on 2015’s security trends appeared first on We Live Security.
CVE-2014-3691
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.